An APP detection method, system, device, equipment and storage medium
By running the app to be tested in a cloud phone and performing simulated operations, and generating test results using a preset detection algorithm, the problem of high cost and high professional knowledge requirements for cross-device testing in existing technologies is solved, achieving low-cost and efficient app testing.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING BAIDU NETCOM SCI & TECH CO LTD
- Filing Date
- 2021-11-16
- Publication Date
- 2026-06-23
AI Technical Summary
Existing APP detection methods require data collection and testing across devices, which increases the cost of use and requires a high level of professional knowledge from the testing personnel.
The app to be tested is run on a cloud phone to simulate operation, obtain running data, and perform detection using a preset detection algorithm to generate detection results.
It enables cross-device APP testing, reducing usage costs, decreasing the professional knowledge requirements for testing personnel, and making the testing more comprehensive and efficient.
Smart Images

Figure CN114036501B_ABST
Abstract
Description
Technical Field
[0001] This disclosure relates to the field of artificial intelligence technology, and more particularly to the field of big data and application detection technology. Background Technology
[0002] Typically, users' electronic devices have a large number of applications (APPs) installed. In order to ensure the security of users' data, these applications need to be tested. Summary of the Invention
[0003] This disclosure provides a method, system, apparatus, device, and storage medium for app detection that does not require cross-device operation.
[0004] According to one aspect of this disclosure, a method for detecting an app is provided, comprising:
[0005] Run the app to be tested in a cloud phone;
[0006] Based on the current testing project, simulate the operation of the APP to be tested in a cloud phone;
[0007] The current detection data required for the current detection item is obtained from the running data generated during the simulated operation of the cloud phone;
[0008] Based on the preset target detection algorithm of the current detection item, the current detection data is detected to obtain the detection result of the current detection item.
[0009] According to another aspect of this disclosure, an APP detection system is provided, the system comprising: a cloud phone, an APP detection platform, a data monitoring module, and a data analysis module;
[0010] The cloud phone is used to run the app to be tested;
[0011] The APP testing platform is used to simulate the operation of the APP to be tested in a cloud phone based on the current testing project.
[0012] The data monitoring module is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone;
[0013] The data analysis module is used to detect the current detection data based on the preset target detection algorithm of the current detection item, and obtain the detection result of the current detection item.
[0014] According to one aspect of this disclosure, an APP detection device is provided, comprising:
[0015] The APP to be tested module is used to run the APP to be tested in the cloud phone;
[0016] The simulation operation module is used to simulate the operation of the APP to be tested in the cloud phone based on the current testing project;
[0017] The detection data acquisition module is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone;
[0018] The detection result acquisition module is used to detect the current detection data based on the preset target detection algorithm of the current detection item, and obtain the detection result of the current detection item.
[0019] According to one aspect of this disclosure, an electronic device is provided, comprising:
[0020] At least one processor; and
[0021] A memory communicatively connected to the at least one processor; wherein,
[0022] The memory stores instructions that can be executed by the at least one processor, which, when executed by the at least one processor, enables the at least one processor to perform any of the above-described APP detection methods.
[0023] According to one aspect of this disclosure, a non-transitory computer-readable storage medium is provided storing computer instructions, wherein the computer instructions are used to cause the computer to execute the detection method of any of the above-described APPs.
[0024] According to one aspect of this disclosure, a computer program product is provided, including a computer program that, when executed by a processor, implements the detection method for any of the above-described APPs.
[0025] It should be understood that the description in this section is not intended to identify key or essential features of the embodiments of this disclosure, nor is it intended to limit the scope of this disclosure. Other features of this disclosure will become readily apparent from the following description. Attached Figure Description
[0026] The accompanying drawings are provided to better understand this solution and do not constitute a limitation of this disclosure. Wherein:
[0027] Figure 1 This is a schematic diagram of the first embodiment of the APP detection method provided in this disclosure;
[0028] Figure 2 This is a schematic diagram of a second embodiment of the APP detection method provided in this disclosure;
[0029] Figure 3This is a schematic diagram of the first embodiment of the APP detection page provided in this disclosure;
[0030] Figure 4 This is a schematic diagram of the second embodiment of the APP detection page provided in this disclosure;
[0031] Figure 5 This is a schematic diagram illustrating a specific example of the APP detection method provided in this disclosure;
[0032] Figure 6 This is a schematic diagram of a third embodiment of the APP detection method provided in this disclosure;
[0033] Figure 7 This is a schematic diagram of a test report based on the APP testing method provided in this disclosure;
[0034] Figure 8 This is a schematic diagram of another test report based on the APP testing method provided in this disclosure;
[0035] Figure 9 This is a schematic diagram of a first embodiment of the APP detection system provided in this disclosure;
[0036] Figure 10 This is a schematic diagram of a second embodiment of the APP detection system provided in this disclosure;
[0037] Figure 11 This is a schematic diagram of a first embodiment of the APP detection device provided in this disclosure;
[0038] Figure 12 This is a block diagram of an electronic device used to implement the APP detection method of the present disclosure embodiments. Detailed Implementation
[0039] The exemplary embodiments of this disclosure are described below with reference to the accompanying drawings, including various details of the embodiments to aid understanding, and should be considered merely exemplary. Therefore, those skilled in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of this disclosure. Similarly, for clarity and brevity, descriptions of well-known functions and structures are omitted in the following description.
[0040] Currently, most app testing requires testing personnel to manually collect and test data across devices, which not only increases the cost of use but also requires a high level of professional knowledge from the testing personnel.
[0041] Therefore, this disclosure provides a method, system, apparatus, device, and storage medium for detecting apps that do not require cross-device communication. The method for detecting apps provided in this disclosure will be introduced first below.
[0042] See Figure 1 , Figure 1 This is a schematic diagram of a first embodiment of the APP detection method provided in this disclosure, which may include the following steps:
[0043] Step S110: Run the APP to be tested in the cloud phone.
[0044] A cloud phone is a cloud service based on virtualization technology and cloud servers. It virtualizes a phone with a native mobile operating system (such as Android) and provides virtual phone functionality. Users can remotely control the cloud phone in real time, enabling apps to run in the cloud. One specific implementation is custom development based on the AOSP (Android Open-Source Project) open-source code. Typically, a cloud phone includes a background process running in the cloud and a front-end web interface. The background process runs various apps on the cloud phone, while the front-end interface displays various screen views generated during app operation, allowing users to remotely control the phone in real time.
[0045] In this embodiment of the disclosure, the user can upload the installation package of the APP to be tested to a cloud phone, and the cloud phone can install and run the installation package uploaded by the user.
[0046] Step S120: Based on the current detection item, simulate the operation of the APP to be detected in the cloud phone.
[0047] In this embodiment of the disclosure, a variety of detection items can be provided to the user, who can select the current detection item according to their needs. The aforementioned detection items may include privacy compliance detection, content compliance detection, application vulnerability detection, deepfake detection, and AI data anonymization, etc.
[0048] Step S130: Obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone.
[0049] In this embodiment, the cloud phone can actively traverse all interfaces of the app under test to run its various functions, essentially simulating real device operations to reduce user costs. Alternatively, as another implementation, the user can simulate real device operations on the app under test within the cloud phone. Both methods can also be used simultaneously; after traversal, the user performs simulated operations to supplement the test data. In this case, if user intervention is not required for the current task, the cloud phone can display a corresponding prompt, such as a mask over installed applications, preventing manual operation and indicating that automatic testing is currently in progress.
[0050] As a specific implementation of this disclosure, a data monitoring module can be embedded in the cloud phone, and this module can acquire all data generated by the app under test during the simulated operation described above. This data can include the static and dynamic code of the app under test; specifically, it can include behavioral data such as permissions invoked by the app during operation, the app's collection of personal information, and the app's transmission of device information. The required testing data for the current testing item can then be obtained from this data. This makes it more convenient to collect the necessary testing data.
[0051] Step S140: Based on the preset target detection algorithm of the current detection item, the current detection data is detected to obtain the detection result of the current detection item.
[0052] In this embodiment of the disclosure, after obtaining the detection result of the current detection item, the user can also choose to generate a detection report of the current detection item of the APP to be tested.
[0053] The APP detection method provided in this disclosure runs the APP to be tested on a cloud phone and simulates operations on the APP based on the current detection item. Simultaneously, it acquires data generated by the APP during the simulated operation and obtains the detection data required for the current detection item. Then, based on a preset target detection algorithm for the current detection item, it performs detection on the current detection data to obtain the detection result for the current detection item. By running the APP to be tested on a cloud phone, this disclosure allows detection to be completed on any device in the cloud, eliminating the need for multiple devices, thus improving the convenience of APP detection and reducing usage costs. Furthermore, during the detection process, no manual evaluation of the APP detection data is required, reducing the professional knowledge requirements for testing personnel. Moreover, by simulating operations on the APP to be tested, the dynamic running code of the APP can be obtained for corresponding detection, making the detection more comprehensive and effective.
[0054] In one embodiment of this disclosure, see Figure 2 , Figure 1 Step S120 can be further refined as follows:
[0055] Step S121: Display the APP detection page to the user. The APP detection page includes: the current detection item and the cloud phone display interface image; the cloud phone display interface image is used to display the various interfaces displayed by the cloud phone during the running of the APP to be tested.
[0056] In this embodiment of the disclosure, the aforementioned APP detection page can be a webpage that displays the aforementioned cloud phone interface image.
[0057] In this embodiment, the cloud phone interface image can be displayed as a video stream. As a specific implementation, the cloud phone can run the app to be tested in the background and generate a video stream of the cloud phone display interface based on the images generated during the app's operation. This video stream is then sent to the app testing page, which can then display the video stream at a preset cloud phone display location (e.g., ...). Figure 3 (As shown). In this embodiment, the video stream can be generated and displayed in real time, that is, the cloud phone display interface is displayed in real-time video mode. This makes the cloud phone display more convenient and smoother.
[0058] like Figure 3 As shown, the aforementioned APP testing page can include multiple testing items, specifically including privacy compliance testing, content compliance testing, application vulnerability testing, deepfake testing, and AI data anonymization, etc. Users can select the testing items according to their own needs. After the user selects the current testing item, the APP testing page will display all the testing items for that item. Simultaneously, the APP testing page can also display images of the cloud phone's interface to show the user the various interfaces displayed by the APP under testing during the testing process.
[0059] As a specific implementation, the APP detection page may also include: task information and / or detection status information of the tasks included in the current detection item.
[0060] The tasks included in the current detection project are pre-set. Therefore, when performing APP detection, the task information and / or detection status information of the tasks can be displayed on the APP detection page.
[0061] The task information of the current detection project may include: user operation task information that the user needs to perform on the APP to be detected in the current detection project; so that the user can perform operations on the cloud phone display interface image based on the user operation task information.
[0062] In this embodiment of the disclosure, the aforementioned user operation tasks can be pre-set by the developers for different detection items.
[0063] like Figure 3 As shown, the current detection project can include multiple detection items, and each detection item can also include various operation tasks that the user needs to complete. For example, the above operation task could be "complete APP login on the left mobile phone". The user can then perform corresponding simulated real device operations on the cloud phone display interface image according to the operation task. The above data monitoring module can obtain the running data generated by the APP to be tested during the user's simulated operation.
[0064] The detection status information can be used to display the completion status of the operational tasks included in the current detection item.
[0065] like Figure 3 As shown, Figure 3 The "Detection Item Trigger Progress" feature displays the current detection status of the detection item to the user. This status can include the detection items and task completion status of the current detection item, i.e., how many detection items / tasks have been completed and how many have not been completed.
[0066] As one specific implementation of this disclosure, such as Figure 3 As shown, progress bars can be added next to each displayed detection item and task to more intuitively show the user which detection item or task is currently in progress. The icon of the app being detected can also be displayed to indicate to the user which app is being detected.
[0067] As can be seen, this approach allows for a more intuitive demonstration of the app's detection process to users, enhancing their testing experience. Furthermore, by having users simulate operations on the cloud phone according to the displayed tasks, the detection becomes more comprehensive.
[0068] like Figure 2 As shown, in step S122, the user's operation on the cloud phone display interface image based on the current detection item is obtained, and a simulated operation instruction for the APP to be detected is generated so that the cloud phone executes the simulated operation instruction.
[0069] As described above, the APP detection page can be a webpage. In this embodiment of the disclosure, an operation control module can be embedded in the webpage. The operation control module can receive simulated operations of the user on the cloud phone and generate corresponding simulated operation instructions to be transmitted to the running background of the cloud phone.
[0070] Accordingly, as a specific implementation of this disclosure, a corresponding control module can be embedded in the background of the cloud phone. This control module can receive simulated operation instructions sent by the aforementioned operation control module, perform corresponding operations on the APP according to the simulated operation instructions (e.g., logging into the APP), and return the corresponding operation results to the webpage for display, such as displaying that the operation task is completed, the progress of the detection item is increasing, etc. Simultaneously, the corresponding operation results (e.g., login successful, etc.) can be displayed on the cloud phone's display interface. The above operation results can be transmitted to the APP detection page in the form of a video stream for display.
[0071] As can be seen above, by displaying the cloud phone's interface image and allowing users to simulate operations on the cloud phone's interface, the user's experience of simulating a real device is improved.
[0072] In one embodiment of this disclosure, such as Figure 4 As shown, the above detection page may also include multiple screenshots of the interface of the APP to be detected during the execution of the preset target task in the current detection project.
[0073] As a specific implementation of this embodiment, the user operation task set for the current detection item may include a user screenshot task. For example, the target task may be "privacy agreement disclosure," in which case the user can find the privacy agreement name in the app to be detected on the cloud phone and take a screenshot. After receiving the user screenshot operation, the operation control module can generate a corresponding screenshot operation instruction and send it to the response control module of the cloud phone. After receiving the screenshot operation instruction, the response control module can take a screenshot of the current cloud phone display interface and send the operation result to the webpage. The webpage can display the screenshot in a preset display position, and the cloud phone can display a prompt message such as "Screenshot successful, saved to folder."
[0074] As another implementation of this disclosure, the cloud phone backend may take screenshots of relevant content according to a preset task and display the screenshots at a preset display location.
[0075] By displaying screenshots of the relevant interfaces of the app being tested, the testing process can be shown to users more intuitively, thus improving the user's testing experience.
[0076] In this embodiment of the disclosure, the APP detection page can also display the detection results to intuitively show the user the detection status of the APP to be tested, thereby improving the user's detection experience.
[0077] The following section will use privacy compliance testing as an example to explain the testing methods for the apps provided in this publication.
[0078] As a specific example of this disclosure, if the user selects privacy compliance testing as the current testing item, then the current testing data required for this item may include the privacy policy text and APP behavior monitoring data. This APP behavior monitoring data may include APP access permissions, third-party SDK information and access permissions, personal information collected by the APP, and APP transmission device information. All of the above data can be obtained by the data monitoring module during the operation of the APP being tested.
[0079] like Figure 5 As shown in this embodiment, the detection items for privacy compliance detection may include privacy policy agreement detection, personal information collection and use detection, and user rights protection detection.
[0080] The privacy policy agreement detection item can include three tasks. Task one could be finding the privacy policy, clicking to open it, and recording the number of clicks required to find the privacy policy. In this embodiment, the user can manually record the number of clicks required to find the privacy policy.
[0081] Task 1 can include two sub-tasks. The first sub-task is to explicitly state the privacy agreement. When performing this task, the user can manually take a screenshot of the privacy agreement of the app to be tested on a cloud phone. The screenshot can be displayed in a preset screenshot display location.
[0082] The second subtask of Task 1 is the privacy agreement text.
[0083] When completing this task, the cloud phone can automatically scan the app to be tested and identify its privacy policy text. Alternatively, the user can manually trigger the scan by finding the relevant tags on the cloud phone. For example, the user can find the privacy policy text in "My Account - Settings - Agreement and Statement or About ** or Privacy". The "**" in "About **" can refer to the name of the app to be tested.
[0084] like Figure 5 As shown, the second task of the privacy policy agreement detection is: If necessary, please complete the APP login on the phone on the left. Users can complete the APP login on the cloud phone display interface when the detection reaches this task.
[0085] Task 3 involves completing the supplementary information. This supplementary information may include the number of clicks required to find the privacy policy, as recorded by the user. Since relevant regulations stipulate that the privacy policy cannot be found after four clicks, it is considered not disclosed. Therefore, the number of clicks recorded by the user can be compared with four during the test to determine whether the app under test complies with this regulation.
[0086] like Figure 5As shown, automatic page detection can also be performed during privacy compliance testing, which involves traversing each interface of the app to be tested and running its various functions.
[0087] Correspondingly, such as Figure 6 As shown, Figure 1 Step S140, the process of detecting the data to be detected, can include:
[0088] Step S141: Perform natural language processing on the privacy policy text to obtain the preset calling permissions of the APP to be detected and the preset functions that can call the preset permissions contained in the privacy policy text.
[0089] In this embodiment, a pre-trained natural language processing model can be used to perform natural language processing on the privacy text of the app to be tested, thereby obtaining the preset permissions that the app to be tested can invoke, as well as the functions that the app to be tested can perform when invoking these permissions. In other words, the permissions and usage scenarios declared in the privacy text of the app to be tested are as follows: For example, if the app to be tested is a shopping app, its privacy text may state that when using the "photo search" function, the app can access the phone's camera or read the phone's photo album.
[0090] Step S142: Perform behavior recognition on the APP behavior monitoring data to obtain the permissions called by the APP under test during operation and the functions of the called permissions.
[0091] In this embodiment of the disclosure, a behavior recognition model can be pre-trained, and the behavior recognition model can classify the detection data into behaviors to obtain the functions corresponding to each detection data. Specifically, the specific permissions, call time, and call scenario called by the APP to be detected can be obtained based on the detection data.
[0092] In this embodiment of the disclosure, multi-dimensional data collection models such as application service type identification model and device status identification model can also be used to make a composite judgment on the data to determine whether the APP to be tested is compliant.
[0093] Step S143: Compare the permissions called by the APP under test during its operation and the functions of the called permissions with the preset called permissions of the APP under test and the preset functions of the preset permissions contained in the privacy policy text.
[0094] After steps S141 and S142, the permissions declared in the privacy policy text of the app under test, the functions that can invoke those permissions, the permissions invoked by the app during actual operation, and the functions executed when those permissions are invoked can be obtained. In this step, the permissions declared in the privacy policy text and the functions that can invoke those permissions are compared with the permissions invoked by the app during actual operation to obtain the compliance results of permission usage. Using this method to perform privacy compliance testing on the app under test does not require analysis of the app's original code, making the testing relatively convenient and providing comprehensive coverage of the test items.
[0095] As one specific implementation of this disclosure, when detecting the app to be tested, it can also be tested based on preset rules. These preset rules may include relevant laws and regulations concerning the app, further enhancing the detection capabilities.
[0096] Step S144: Based on the comparison results, obtain the detection results.
[0097] As mentioned above, after obtaining the test results, they can be displayed on the APP's test page. For example... Figure 5 As shown, a "Generate Test Report" button can be displayed on the APP's test page. Users can generate a test report by clicking this button.
[0098] In this embodiment of the disclosure, different forms of test reports can be output for professionals and non-professionals.
[0099] For non-professionals, the comparison results can be used to identify the content in the privacy policy text that is consistent with the APP behavior monitoring data of the APP under test, and the content in the privacy policy text that is inconsistent with the APP behavior monitoring data generated by the APP under test. This information can then be displayed as the detection result.
[0100] See Figure 7 , Figure 7 This diagram illustrates a detection report output to the user. Figure 7 As shown, the test report can display the test results, test overview, and specific issues. The test results can show whether the app under test has any problems, and the test overview can show which test item detected the problem.
[0101] like Figure 7As shown, the test report indicates issues detected in the textual aspects of the privacy policy (checking the notification method and content of the app's privacy policy for any illegal or irregular content) and the collection and use of personal information (checking what personal information the app actually collects during use and the legality and compliance of that collection). However, no issues were detected in the area of user rights protection (checking the legality and compliance of the app's user rights protection measures, including user account cancellation, personal information inquiry, correction, deletion, and feedback processing). Furthermore, the test report can also show the specific number of issues found in each test item, such as... Figure 7 As shown, the privacy policy test included 10 testing tasks, with 2 issues found; the personal information collection and use test included 15 tasks, with 3 issues found.
[0102] In this embodiment of the disclosure, the user can view the specific detection status of each detection item, such as... Figure 7 As shown, users can choose to view the specific detection results in the Personal Information Collection and Use Detection section. The issues detected in this detection item include: when requesting the collection of users' sensitive personal information, the purpose was not disclosed simultaneously or the purpose was unclear or difficult to understand; personal information was collected or permissions to collect personal information were granted before consent to the privacy policy was obtained; the personal information actually collected or the permissions to collect personal information requested were beyond the scope authorized by the user.
[0103] Furthermore, for each specific problem, the testing standards, corresponding improvement suggestions, testing details, and so on can be displayed.
[0104] like Figure 8 As shown, Figure 7Regarding the issue of collecting personal information or granting permissions to collect personal information before the user consents to the privacy policy, the testing standard can be relevant regulations for the app. Improvement suggestions could include clearly prompting users to read the privacy policy and other collection and usage rules through pop-ups or other prominent means when the app is first launched. Personal information should only be collected or permissions granted to collect personal information should only be granted after the user actively fills in, clicks, or checks to express their consent. Personal information should not be collected or permissions granted to collect personal information should not be granted before the user agrees to the privacy policy when using the app for the first time. Testing details could include specific issues and the testing data used to obtain those data, such as the specific timing of permission calls. For example, the aforementioned issue could be that although the app clearly informs the user and obtains their consent during runtime, personal information collection (reading the currently running application process) occurs before the user's consent. The specific time information includes: 10:50:47.904 Start detection; 10:50:49.607 Start application; 10:50:52.674 Read currently running application process; 10:50:53.949 Read currently running application process; 10:50:54.279 Privacy policy pops up. From the above data, it can be seen that although there is a process of clearly informing the user and obtaining the user's consent when the APP is running, the collection of personal information (reading the currently running application process) occurs before the user's consent.
[0105] As another embodiment of this disclosure, for those skilled in the art, the comparison results can be directly used as the detection results. As shown in the table below:
[0106]
[0107]
[0108] As shown in the table above, professionals can view the specific details of the permissions requested by the app under test, including the app's permission request status, usage status, and usage time, and can also view the corresponding code.
[0109] By displaying the test results in the different ways mentioned above, we can meet the diverse testing needs of various users for the APP.
[0110] In existing technologies, app testing typically includes the following three methods:
[0111] Method 1: Install detection software on a real device and manually filter content to identify risks. This method involves system-level monitoring of built-in apps, but can only identify app behavior records. It cannot reveal specific permissions, SDK behavior scenarios, or data usage information, nor can it identify privacy policy / agreement related issues. Manual review and evaluation of the app are still required. Not only can it not comprehensively identify privacy compliance-related content, but it also requires the tester to have certain professional knowledge.
[0112] Method Two: Using packet capture software on a computer, configure the mobile phone to access the network and monitor its network usage and traffic information. This method requires manual collection of raw data across multiple devices. Privacy experts need to analyze this raw data based on their knowledge and experience to determine the app's current privacy compliance status. This approach demands a high level of expertise from the testers and increases costs due to the cross-device nature of the method.
[0113] Method 3: Use computer-based detection software to perform static analysis on the app installation package. Then, install and run the app on a real device using the same software, simultaneously capturing network requests and traffic information. This method integrates different detection capabilities into one software, facilitating automatic code analysis and listing the permissions called by the application and the corresponding risks. However, for dynamic code, manual connection between the physical phone and the computer is still required, and actions must be performed on the phone to assist the software in acquiring dynamic code for further analysis.
[0114] Compared with the existing technologies, the APP detection method provided in this disclosure, by using a cloud phone to simulate a real device running the APP to be tested, can complete the detection data collection and APP detection on any device in the cloud, eliminating the need for multiple devices to complete the APP detection. This solves the problem of cross-device requirements in existing APP detection methods, improving the convenience of APP detection. Furthermore, it can obtain the dynamic code of the APP to be tested without cross-device access or manual intervention, further enhancing the ease of obtaining the dynamic code. The APP detection method provided in this disclosure can automatically obtain detection results based on the detection data using preset detection algorithms for each detection item, and display the results in the form of a detection report. Since the detection algorithms in the APP detection method provided in this disclosure are all preset, and the user can be prompted during the detection process by displaying various operation tasks that need to be completed, users do not need to possess high levels of professional knowledge. In addition, in the embodiments of the APP detection method provided in this disclosure, intelligent algorithms can be used in the cloud phone for page traversal, further reducing the user's usage cost.
[0115] According to another aspect of embodiments of this disclosure, this disclosure also provides a system for APP detection. For example... Figure 9 As shown, the system may include: a cloud phone 910, an APP detection platform 920, a data monitoring module 930, and a data analysis module 940;
[0116] The cloud phone 910 is used to run the APP to be tested;
[0117] The APP detection platform 920 is used to simulate the operation of the APP to be detected based on the current detection item.
[0118] The data monitoring module 930 is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone;
[0119] like Figure 9 As shown, the data monitoring module 930 can be installed in the cloud phone 910.
[0120] The data analysis module 940 is used to detect the current detection data based on the preset target detection algorithm of the current detection item, and obtain the detection result of the current detection item.
[0121] In one embodiment of this disclosure, after obtaining the detection results, the data analysis module 940 can send the detection results to the APP detection platform for display.
[0122] The APP detection system provided in this disclosure involves running the APP to be detected on a cloud phone and simulating operations on the APP based on the current detection item. Simultaneously, a data monitoring module acquires data generated by the APP during the simulated operation and extracts the detection data required for the current detection item. Then, a data analysis module performs detection on the current detection data based on a preset target detection algorithm for the current detection item, thereby obtaining the detection result for the current detection item. By running the APP to be detected on a cloud phone, detection can be completed on any device in the cloud, eliminating the need for multiple devices and improving the convenience of APP detection. Furthermore, by simulating operations on the APP to be detected, the dynamic running code of the APP can be obtained for corresponding detection, making the detection more comprehensive and effective.
[0123] like Figure 10 As shown, in one embodiment of this disclosure, the APP detection platform 920 can be used to display an APP detection page (i.e., a front-end webpage 922) to the user. The APP detection page includes: the current detection item and a cloud phone display interface image 923; the cloud phone display interface image 923 is used to display various interfaces displayed by the cloud phone during the process of running the APP to be detected.
[0124] The system obtains the user's actions on the cloud phone's display interface image based on the current detection item, generates simulated operation instructions for the APP to be detected, and causes the cloud phone to execute the simulated operation instructions.
[0125] like Figure 10 As shown, in this embodiment of the present disclosure, an operation control module 921 can be added to the APP detection platform 920. The operation control module 921 generates operation instructions based on the user's operation and sends them to the cloud phone 910. Correspondingly, a response control module 911 can be added to the cloud phone to receive the operation instructions sent by the operation control module 921 and send the operation results to the operation control module. After receiving the operation results, the APP detection platform 920 displays the operation results through the APP detection page.
[0126] like Figure 10 As shown, in one embodiment of this disclosure, the cloud phone 910 can install multiple apps 914. The cloud phone 910 can use an ARM processor 912 and an Android 8.1 operating system 913 to run and operate the apps to be tested.
[0127] In one embodiment of this disclosure, the APP detection page may further include: task information and / or detection status information of the tasks included in the current detection item;
[0128] The task information of the current detection project includes: user operation task information that the user needs to perform on the APP to be detected in the current detection project; so that the user can perform operations on the cloud phone display interface image based on the user operation task information;
[0129] The detection status information is used to display the completion status of the tasks included in the current detection item.
[0130] In one embodiment of this disclosure, the APP detection page further includes: multiple screenshots of the interface of the APP to be detected during the execution of a preset target task in the current detection project.
[0131] In one embodiment of this disclosure, the APP detection platform can also be used to display the detection results on the APP detection page.
[0132] In one embodiment of this disclosure, the cloud phone can also be used to generate a cloud phone display interface video stream based on the interface images displayed during the operation of the APP to be tested.
[0133] The video stream from the cloud phone's display interface is sent to the APP's detection page for display.
[0134] like Figure 10As shown, the cloud phone can send its display interface to the APP testing platform via video transmission, and the front-end webpage 922 in the APP testing platform displays the video stream of the cloud phone's display interface.
[0135] In one embodiment of this disclosure, the data monitoring module 930 can be specifically used to acquire the running data generated during the simulation operation of the cloud phone;
[0136] From the acquired operational data, obtain the current detection data required for the current detection item.
[0137] In one embodiment of this disclosure, if the current detection item is a privacy compliance detection, the current detection data required for the current item includes: privacy policy text and APP behavior monitoring data.
[0138] The data analysis module is used to perform natural language processing on the privacy policy text to obtain the preset calling permissions of the APP to be detected and the preset functions that can call the preset permissions contained in the privacy policy text.
[0139] The behavior monitoring data of the APP is used to identify behaviors and obtain the permissions called by the APP under test during its operation and the functions of the permissions called.
[0140] The permissions called by the APP under test during its operation and the functions of those permissions are compared with the preset permissions called by the APP under test and the preset functions of those preset permissions contained in the privacy policy text.
[0141] Based on the comparison results, the detection results are obtained.
[0142] In one embodiment of this disclosure, the data analysis module obtains the detection result based on the comparison result, including:
[0143] Based on the comparison results, the content in the privacy policy text that is consistent with the APP behavior monitoring data of the APP to be tested and the content in the privacy policy text that is inconsistent with the APP behavior monitoring data generated by the APP to be tested are taken as the detection results;
[0144] or
[0145] The comparison results are used as the detection results.
[0146] According to embodiments of this disclosure, this disclosure also provides an APP detection device, such as... Figure 11 As shown, it may include:
[0147] The APP running module 1110 is used to run the APP under test in a cloud phone;
[0148] The simulation operation module 1120 is used to simulate the operation of the APP to be tested in the cloud phone based on the current testing item;
[0149] The detection data acquisition module 1130 is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone;
[0150] The detection result acquisition module 1140 is used to detect the current detection data based on the target detection algorithm preset for the current detection item, and obtain the detection result of the current detection item.
[0151] The APP detection device provided in this embodiment runs the APP to be detected in a cloud phone and simulates operations on the APP based on the current detection item. Simultaneously, it acquires data generated by the APP during the simulated operation and obtains the detection data required for the current detection item. Then, based on a preset target detection algorithm for the current detection item, it performs detection on the current detection data to obtain the detection result for the current detection item. By applying this embodiment, detection can be completed on any device in the cloud by running the APP to be detected in a cloud phone, eliminating the need for multiple devices and improving the convenience of APP detection. Furthermore, by simulating operations on the APP to be detected, the dynamic running code of the APP can be obtained for corresponding detection, making the detection more comprehensive and effective.
[0152] The collection, storage, use, processing, transmission, provision, and disclosure of user personal information involved in the technical solution disclosed herein comply with the provisions of relevant laws and regulations and do not violate public order and good morals.
[0153] According to embodiments of this disclosure, this disclosure also provides an electronic device, a readable storage medium, and a computer program product.
[0154] Figure 12 A schematic block diagram of an example electronic device 1200 that can be used to implement embodiments of the present disclosure is shown. The electronic device is intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital processors, cellular phones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the present disclosure described and / or claimed herein.
[0155] like Figure 12As shown, device 1200 includes a computing unit 1201, which can perform various appropriate actions and processes according to a computer program stored in read-only memory (ROM) 1202 or a computer program loaded from storage unit 1208 into random access memory (RAM) 1203. The RAM 1203 may also store various programs and data required for the operation of device 1200. The computing unit 1201, ROM 1202, and RAM 1203 are interconnected via bus 1204. Input / output (I / O) interface 1205 is also connected to bus 1204.
[0156] Multiple components in device 1200 are connected to I / O interface 1205, including: input unit 1206, such as keyboard, mouse, etc.; output unit 1207, such as various types of monitors, speakers, etc.; storage unit 1208, such as disk, optical disk, etc.; and communication unit 1209, such as network card, modem, wireless transceiver, etc. Communication unit 1209 allows device 1200 to exchange information / data with other devices through computer networks such as the Internet and / or various telecommunications networks.
[0157] The computing unit 1201 can be various general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of the computing unit 1201 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various computing units running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 1201 performs the various methods and processes described above, such as the APP detection method. For example, in some embodiments, the APP detection method may be implemented as a computer software program tangibly contained in a machine-readable medium, such as storage unit 1208. In some embodiments, part or all of the computer program may be loaded and / or installed on device 1200 via ROM 1202 and / or communication unit 1209. When the computer program is loaded into RAM 1203 and executed by the computing unit 1201, one or more steps of the APP detection method described above may be performed. Alternatively, in other embodiments, the computing unit 1201 may be configured to execute the detection method of the APP by any other suitable means (e.g., by means of firmware).
[0158] Various embodiments of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems-on-a-chip (SoCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and / or combinations thereof. These various embodiments may include implementations in one or more computer programs that can be executed and / or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.
[0159] The program code used to implement the methods of this disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus, such that when executed by the processor or controller, the program code causes the functions / operations specified in the flowcharts and / or block diagrams to be implemented. The program code may be executed entirely on a machine, partially on a machine, as a standalone software package partially on a machine and partially on a remote machine, or entirely on a remote machine or server.
[0160] In the context of this disclosure, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
[0161] To provide interaction with a user, the systems and techniques described herein can be implemented on a computer having: a display device for displaying information to the user (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor); and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the computer. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).
[0162] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as a data server), or computing systems that include middleware components (e.g., an application server), or computing systems that include frontend components (e.g., a user computer with a graphical user interface or web browser through which a user can interact with embodiments of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., a communication network). Examples of communication networks include local area networks (LANs), wide area networks (WANs), and the Internet.
[0163] Computer systems can include clients and servers. Clients and servers are generally located far apart and typically interact via communication networks. Client-server relationships are created by computer programs running on the respective computers and having a client-server relationship with each other. Servers can be cloud servers, servers in distributed systems, or servers incorporating blockchain technology.
[0164] It should be understood that the various forms of processes shown above can be used to rearrange, add, or delete steps. For example, the steps described in this disclosure can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution disclosed in this disclosure can be achieved, and this is not limited herein.
[0165] The specific embodiments described above do not constitute a limitation on the scope of protection of this disclosure. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this disclosure should be included within the scope of protection of this disclosure.
Claims
1. A method for detecting an app, comprising: Run the app to be tested in a cloud phone; The cloud phone is a cloud service with virtual phone functionality; Based on the current testing item, simulate the required operations for the current testing item in the cloud phone's APP to be tested; The current detection data required for the current detection item is obtained from the running data generated during the simulated operation of the cloud phone; If the current detection item is a privacy compliance detection, the current detection data required for the current detection item includes: privacy policy text and APP behavior monitoring data; Natural language processing is performed on the privacy policy text to obtain the preset access permissions of the app to be detected and the preset functions that can access the preset permissions contained in the privacy policy text; The behavior monitoring data of the APP is used to identify behaviors and obtain the permissions called by the APP under test during its operation and the functions of the permissions called. The permissions called by the APP under test during its operation and the functions of the called permissions are compared with the preset called permissions of the APP under test and the preset functions of the preset permissions that can be called contained in the privacy policy text. Based on the comparison results, the detection results are obtained; The steps for simulating the operation of the app to be tested in the cloud phone based on the current testing item include: An APP testing page is displayed to the user. This page includes: the current testing item, a cloud phone display interface image, and task information for the tasks included in the current testing item. The cloud phone display interface image is displayed as a video stream, sent to the APP testing page by the cloud phone's background process. This video stream is generated by the cloud phone's background process running the APP under test and based on the images generated during the APP's operation. The cloud phone display interface image displays various interfaces displayed during the cloud phone's operation of the APP under test. The task information for the current testing item includes: user operation task information that the user needs to perform on the APP under test, allowing the user to perform operations on the cloud phone display interface image based on this user operation task information. The user operation task information represents the various simulated real device operations that the user needs to complete. The system obtains the user's actions on the cloud phone's display interface image based on the current detection item, generates simulated operation instructions for the APP to be detected, and causes the cloud phone to execute the simulated operation instructions. The step of obtaining the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone includes: The data monitoring module installed in the cloud phone is used to acquire the running data generated during the simulated operation of the cloud phone. From the acquired operational data, obtain the current detection data required for the current detection item.
2. The method according to claim 1, wherein, The APP detection page also includes: detection status information of the tasks included in the current detection item; The detection status information is used to display the completion status of the tasks included in the current detection item.
3. The method according to claim 2, wherein, The APP detection page also includes: multiple screenshots of the APP interface to be detected during the execution of the preset target task in the current detection project; and / or, The test results are displayed on the test page of the app.
4. The method according to claim 1, wherein, The cloud phone display interface image is displayed through the following steps: Based on the interface images displayed during the operation of the APP under test, a video stream of the cloud phone display interface is generated; The video stream from the cloud phone's display interface is sent to the APP's detection page for display.
5. The method according to claim 1, wherein, The steps for obtaining the detection result based on the comparison result include: Based on the comparison results, the content in the privacy policy text that is consistent with the APP behavior monitoring data of the APP to be tested and the content in the privacy policy text that is inconsistent with the APP behavior monitoring data generated by the APP to be tested are taken as the detection results; or The comparison results are used as the detection results.
6. An app detection system, the system comprising: Cloud phones, APP testing platform, data monitoring module, and data analysis module; The cloud phone is used to run the app to be tested; The cloud phone is a cloud service with virtual phone functionality; The APP testing platform is used to simulate the operations required for the current testing item in the APP to be tested in the cloud phone based on the current testing item. The data monitoring module is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone; If the current detection item is a privacy compliance detection, the current detection data required for the current detection item includes: privacy policy text and APP behavior monitoring data; The data analysis module is used to perform natural language processing on the privacy policy text to obtain the preset access permissions and preset functions of the app to be tested contained in the privacy policy text; to perform behavior recognition on the app behavior monitoring data to obtain the permissions and functions of the access permissions called during the operation of the app to be tested; to compare the permissions and functions of the access permissions called during the operation of the app to be tested with the preset access permissions and preset functions of the access permissions of the app to be tested contained in the privacy policy text; and to obtain the detection result based on the comparison result. The APP testing platform is used to display an APP testing page to the user. The APP testing page includes: the current testing item and a cloud phone display interface image. The cloud phone display interface image is displayed as a video stream, sent from the cloud phone's background process to the APP testing page. It is generated by the cloud phone's background process running the APP under test and based on the images generated during the APP's operation. The cloud phone display interface image displays various interfaces displayed during the cloud phone's operation of the APP under test. The task information of the current testing item includes: user operation task information that the user needs to perform on the APP under test, so that the user can perform operations on the cloud phone display interface image based on the user operation task information. The user operation task information represents the various simulated real device operation tasks that the user needs to complete. The system obtains the user's actions on the cloud phone's display interface image based on the current detection item, generates simulated operation instructions for the APP to be detected, and causes the cloud phone to execute the simulated operation instructions.
7. The system according to claim 6, wherein, The APP detection page also includes: detection status information of the tasks included in the current detection item; The detection status information is used to display the completion status of the tasks included in the current detection item.
8. The system according to claim 7, wherein, The APP detection page also includes: multiple screenshots of the APP interface to be detected during the execution of the preset target task in the current detection project; and / or The APP detection platform is also used to display the detection results on the APP's detection page.
9. The system according to claim 6, wherein, The cloud phone is also used to generate a video stream of the cloud phone display interface based on the interface images displayed during the operation of the APP to be tested. The video stream from the cloud phone's display interface is sent to the APP's detection page for display.
10. The system according to claim 6, wherein, The data analysis module, based on the comparison results, obtains the detection results by: based on the comparison results, obtaining the content in the privacy policy text that is consistent with the APP behavior monitoring data of the APP to be detected and the content in the privacy policy text that is inconsistent with the APP behavior monitoring data generated by the APP to be detected, as the detection results; or The comparison results are used as the detection results.
11. An app detection device, comprising: The APP to be tested module is used to run the APP to be tested in the cloud phone; The cloud phone is a cloud service with virtual phone functionality; The simulation operation module is used to simulate the operations required for the current detection project in the APP to be detected in the cloud phone, based on the current detection project. The detection data acquisition module is used to obtain the current detection data required for the current detection item from the running data generated during the simulation operation of the cloud phone; If the current detection item is a privacy compliance detection, the current detection data required for the current detection item includes: privacy policy text and APP behavior monitoring data; The detection result acquisition module is used to perform natural language processing on the privacy policy text to obtain the preset access permissions and preset functions of the app to be tested contained in the privacy policy text; to perform behavior recognition on the app behavior monitoring data to obtain the permissions and functions of the access permissions called during the operation of the app to be tested; to compare the permissions and functions of the access permissions called during the operation of the app to be tested with the preset access permissions and preset functions of the access permissions of the app to be tested contained in the privacy policy text; and to obtain the detection result based on the comparison result. The simulation operation module is used for: An APP testing page is displayed to the user. This page includes: the current testing item, a cloud phone display interface image, and task information for the tasks included in the current testing item. The cloud phone display interface image is displayed as a video stream, sent to the APP testing page by the cloud phone's background process. This video stream is generated by the cloud phone's background process running the APP under test and based on the images generated during the APP's operation. The cloud phone display interface image displays various interfaces displayed during the cloud phone's operation of the APP under test. The task information for the current testing item includes: user operation task information that the user needs to perform on the APP under test, allowing the user to perform operations on the cloud phone display interface image based on this user operation task information. The user operation task information represents the various simulated real device operations that the user needs to complete. The system obtains the user's actions on the cloud phone's display interface image based on the current detection item, generates simulated operation instructions for the APP to be detected, and causes the cloud phone to execute the simulated operation instructions. The detection data acquisition module is used for: The data monitoring module installed in the cloud phone is used to acquire the running data generated during the simulated operation of the cloud phone. From the acquired operational data, obtain the current detection data required for the current detection item.
12. An electronic device, comprising: At least one processor; as well as A memory communicatively connected to the at least one processor; wherein, The memory stores instructions that can be executed by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
13. A non-transitory computer-readable storage medium storing computer instructions, wherein, The computer instructions are used to cause the computer to perform the method according to any one of claims 1-5.
14. A computer program product comprising a computer program that, when executed by a processor, implements the method according to any one of claims 1-5.